database search with hidden contact info??

[carley_bell]

Hi,

I have a searchable database that contains a field with an email address among other things and was wondering if it is possible to display a small form along with each result which the user can email the person without seeing the email address. Here is the code that I was "brainstorming" with: (I commented the important section so you don't have to read the whole code)

<?php

include("./config.inc.php");
  
  $var = @$_GET['input'] ;
  if (ereg("^[A-z0-9]*$",$var))
  $trimmed = trim($var);

$limit=10; 

if ($trimmed == "")
  {
  echo "<p>Invalid Search: Please make sure you are only using letters and numbers. The use of spaces, dashes and special characters is not permitted</p>";
  exit;
  }

if (!isset($var))
  {
  echo "<p>We dont seem to have a search parameter!</p>";
  exit;
  }

$query = "select * from `".$db_table."` where field_1 like \"$trimmed\"  
  order by field_1";

$numresults=mysql_query($query);
  $numrows=mysql_num_rows($numresults);

if ($numrows == 0)
  {
   echo """ . $trimmed . "" was not found";
  }

  if (empty($s)) {
  $s=0;
  }

  $query .= " limit $s,$limit";
  $result = mysql_query($query) or die("Couldn't execute query");

  while ($row= mysql_fetch_array($result)) {
{                      
		echo "<b>part number: </b>" . $row['field_1'] . "<br />
		 <b>manufacturer: </b>" . $row['field_2'] . "<br />
		 <b>qty available: </b>" . $row['field_3'] . "<br />
		 <b>description: </b>" . $row['field_4'] . "<br />
		 <b>price: $</b>" . $row['field_5'] . "<br /><br />"
             
// here is where I think the form would go but I know I am wrong. field_7 is the one that contains the email address
           
              echo "<form  name="contact" method="POST" action="search1.php">              
      	      <input type="hidden" name="email" value= .$row['field_7'].>
              Your Email: <input type="text" name="from"><br>
              Subject: <input type="text" name="subject"><br>
              Message: <textarea name="message"></textarea><input type="submit" value="send">
              </form>";
	}
        
              mail($row['field_7'], $_POST['subject'], $_POST['message'], "From: ".$_POST['from']);
              echo "Your email has been sent";

  }


  
?>

 

Let me know if this is completely the wrong way to go about this.

Thanks

[Sudden]

Try putting "" around .$row['field_7'] and taking out the . after it.

 

input type="hidden" name="email" value= ".$row['field_7']">

 

instead of

 

input type="hidden" name="email" value= .$row['field_7'].>

 

Not 100% sure this will fix it but it looks like it could be part of your problem.

[carley_bell]

aside from the errors, do you think the setup would work? Or is their an easier/more plausible way to do this? ???

[Sudden]

I'm not sure on an easier way, but I want you to know if you do make the email 'hidden' it will not be seen on the screen, but by viewing the source code you can find the hidden email, if you are only useing:

 

<input type="hidden" name="email" value= ".$row['field_7'].">

 

Again hope this helps 

[haku]

If you are trying to protect their privacy, putting their address in a hidden form element will, as sudden said, be visible in the source code for the page.

 

Instead, pass the user's unique ID (either an ID or their username) into the hidden tag, then on the processing side of the page, use that unique ID to pull their email out of the database. This way it is never visible to any users.

[carley_bell]

oops...that wouldn'be good

thank you for spotting that